Lucene search

K

[email protected]NVD:CVE-2011-4122

HistoryNov 17, 2011 - 7:55 p.m.

CVE-2011-4122

2011-11-1719:55:01

CWE-22

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.8%

Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a … (dot dot) in the service_name argument to the pam_start function, as demonstrated by a … in the -c option to kcheckpass.

Affected configurations

NVD

Node

freebsdfreebsdMatch8.1

References

c-skills.blogspot.com/2011/11/openpam-trickery.html

openwall.com/lists/oss-security/2011/12/07/3

openwall.com/lists/oss-security/2011/12/08/9

osvdb.org/76945

secunia.com/advisories/46756

secunia.com/advisories/46804

stealth.openwall.net/xSports/pamslam

trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c

exchange.xforce.ibmcloud.com/vulnerabilities/71205

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.8%

Related for NVD:CVE-2011-4122

openvas2 freebsd_advisory1 securityvulns2 cve2 freebsd1 cvelist2 prion2 nessus1 nvd1